CVE-2020-7587 in Opcenter Execution Discreteinfo

Summary

by MITRE

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES (All versions), Soft Starter ES (All versions). Sending multiple specially crafted packets to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/15/2020

This vulnerability affects a wide range of Siemens industrial software products including Opcenter Execution Discrete, Foundation, Process, Intelligence, Quality, RD&L, SIMATIC IT LMS, Production Suite, Notifier Server, PCS neo, TIA Portal V15 and V16, SIMOCODE ES, and Soft Starter ES. The vulnerability stems from improper handling of specially crafted network packets in the affected services, creating a potential remote attack vector that could be exploited by malicious actors. The flaw manifests as a partial denial-of-service condition that forces affected services to restart automatically, disrupting industrial operations and potentially creating security gaps during the restart process.

The technical implementation of this vulnerability involves network protocol processing failures within the affected industrial software components. When multiple malicious packets are transmitted to the vulnerable services, the systems fail to properly validate or handle the malformed data, leading to service instability and subsequent restarts. The vulnerability's impact extends beyond simple service disruption as it can also result in information disclosure, where random data from the service memory may be leaked to the attacker. This information leakage represents a significant security concern as it could expose sensitive operational data, system configurations, or potentially aid in further exploitation attempts.

From an operational standpoint, this vulnerability poses serious risks to industrial control systems and manufacturing environments where these Siemens products are deployed. The partial denial-of-service condition can cause production interruptions, data loss, and potential safety hazards in critical manufacturing processes. The automatic service restarts may also mask the underlying security breach, making it difficult for operators to detect ongoing attacks. The information disclosure aspect increases the attack surface by potentially revealing system internals, configuration details, or operational parameters that could be leveraged for more sophisticated attacks. Organizations using these industrial systems face the risk of operational disruption, regulatory compliance issues, and potential compromise of their industrial control infrastructure.

The vulnerability aligns with CWE-121 and CWE-122 categories related to buffer overflow conditions and improper input validation, while also mapping to ATT&CK techniques involving service stoppage and information gathering. Organizations should immediately implement network segmentation to isolate affected systems, apply available vendor patches, and monitor network traffic for suspicious packet patterns. Regular security assessments should be conducted to identify similar vulnerabilities in industrial control systems, and incident response procedures should be updated to address potential service restart attacks and information disclosure scenarios. The affected systems require proper access controls and network monitoring to detect and prevent exploitation attempts.

Reservation

01/21/2020

Moderation

accepted

CPE

ready

EPSS

0.02484

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!